I installed OpenVPN AS 2.6.1 on an AWS instance (I did not use the OpenVPN AMI).
I am able to connect to the server, but I can't SSH to any of the instances on my private subnets, nor SSH via private IP to an instance in a public subnet (SSH using the public DNS name of an instance in a public subnet works, but I don't need the VPN for that...).
Steps I have taken:
- Disabled the source/destination check on the AWS instance
- Security groups: I cleared all existing security group rules and added a rule allowing any protocol on any port from anywhere, just to make sure this isn't the issue
- I checked ifconfig and confirmed that the interface has the right IP as defined in vpn.server.group_pool.0.
Thanks.
Below is my current configuration:
{
"admin_ui.https.ip_address": "all",
"admin_ui.https.port": "11943",
"aui.eula_version": "2",
"auth.ldap.0.min_ssl": "tls1_2",
"auth.ldap.0.name": "Google Secure LDAP",
"auth.ldap.0.sasl_external": "true",
"auth.ldap.0.server.0.host": "ldap.google.com:636",
"auth.ldap.0.ssl_auth_cert": "/etc/ssl/certs/gldap.crt",
"auth.ldap.0.ssl_auth_key": "/etc/ssl/certs/gldap.key",
"auth.ldap.0.ssl_ciphers": "ECDHE-RSA-AES128-GCM-SHA256",
"auth.ldap.0.ssl_verify": "internal",
"auth.ldap.0.timeout": "4",
"auth.ldap.0.uname_attr": "uid",
"auth.ldap.0.use_ssl": "always",
"auth.ldap.0.users_base_dn": "OU=Users, DC=example, DC=com",
"auth.module.type": "ldap",
"auth.pam.0.service": "openvpnas",
"auth.radius.0.acct_enable": "false",
"auth.radius.0.name": "My Radius servers",
"cs.cws_proto_v2": "true",
"cs.https.ip_address": "all",
"cs.https.port": "943",
"cs.prof_sign_web": "true",
"cs.ssl_method": "SSLv3",
"cs.ssl_reneg": "false",
"cs.tls_version_min": "1.1",
"host.name": "my_hostname",
"hostname": "my_hostname",
"sa.compression_warning_shown": "displayed",
"sa.initial_run_groups.0": "web_group",
"sa.initial_run_groups.1": "openvpn_group",
"sa.ssl_lib": "openssl",
"vpn.client.basic": "false",
"vpn.client.cipher": "AES-256-CBC",
"vpn.client.config_text": "cipher AES-128-CBC",
"vpn.client.routing.inter_client": "false",
"vpn.client.routing.reroute_dns": "true",
"vpn.client.routing.reroute_gw": "false",
"vpn.client.routing.superuser_c2c_access": "false",
"vpn.daemon.0.client.netmask_bits": "24",
"vpn.daemon.0.client.network": "client_network_ip",
"vpn.daemon.0.listen.ip_address": "all",
"vpn.daemon.0.listen.port": "443",
"vpn.daemon.0.listen.protocol": "tcp",
"vpn.daemon.0.server.ip_address": "eth0",
"vpn.general.osi_layer": "3",
"vpn.server.cipher": "AES-256-CBC",
"vpn.server.config_text": "cipher AES-128-CBC",
"vpn.server.daemon.enable": "true",
"vpn.server.daemon.tcp.n_daemons": "1",
"vpn.server.daemon.tcp.port": "443",
"vpn.server.daemon.udp.n_daemons": "1",
"vpn.server.daemon.udp.port": "1194",
"vpn.server.dhcp_option.disable_nbt": "false",
"vpn.server.dhcp_option.nbt": "1",
"vpn.server.duplicate_cn": "false",
"vpn.server.group_pool.0": "group_pool_ip",
"vpn.server.port_share.enable": "true",
"vpn.server.port_share.ip_address": "1.2.3.4",
"vpn.server.port_share.port": "1234",
"vpn.server.port_share.service": "client",
"vpn.server.routing.gateway_access": "true",
"vpn.server.routing.private_access": "nat",
"vpn.server.routing.private_network.0": "my_subnet_ip1",
"vpn.server.routing.private_network.1": "my_subnet_ip2",
"vpn.server.routing.private_network.2": "my_subnet_ip3",
"vpn.server.tls_auth": "true",
"vpn.server.tls_version_min": "1.1",
"vpn.tls_refresh.do_reauth": "true",
"vpn.tls_refresh.interval": "360"
}
My SSH log:
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /Users/ohad/.ssh/config
debug1: /Users/ohad/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "ec2-XX-YYY-YYY-YYY.compute-1.amazonaws.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to ec2-XX-YYY-YYY-YYY.compute-1.amazonaws.com [XX.XXX.XXX.XXX] port 22
ssh: connect to host ec2-XX-YYY-YYY-YYY.compute-1.amazonaws.com port 22: Operation timed out